{"id":"https://openalex.org/W3185784227","doi":"https://doi.org/10.1007/978-3-030-78086-9_29","title":"Early Detection of In-Memory Malicious Activity based on Run-time Environmental Features","display_name":"Early Detection of In-Memory Malicious Activity based on Run-time Environmental Features","publication_year":2021,"publication_date":"2021-03-29","ids":{"openalex":"https://openalex.org/W3185784227","doi":"https://doi.org/10.1007/978-3-030-78086-9_29","mag":"3185784227"},"language":"en","primary_location":{"id":"pmh:oai:arXiv.org:2103.16029","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2103.16029","pdf_url":"https://arxiv.org/pdf/2103.16029","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"type":"book-chapter","indexed_in":["arxiv"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2103.16029","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5017997916","display_name":"Dorel Yaffe","orcid":null},"institutions":[{"id":"https://openalex.org/I124227911","display_name":"Ben-Gurion University of the Negev","ror":"https://ror.org/05tkyf982","country_code":"IL","type":"education","lineage":["https://openalex.org/I124227911"]}],"countries":["IL"],"is_corresponding":true,"raw_author_name":"Yaffe, Dorel","raw_affiliation_strings":["Department of Computer Science, Ben-Gurion University, Beer-Sheva, Israel"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Ben-Gurion University, Beer-Sheva, Israel","institution_ids":["https://openalex.org/I124227911"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5022630655","display_name":"Danny Hendler","orcid":"https://orcid.org/0000-0001-7152-7828"},"institutions":[{"id":"https://openalex.org/I124227911","display_name":"Ben-Gurion University of the Negev","ror":"https://ror.org/05tkyf982","country_code":"IL","type":"education","lineage":["https://openalex.org/I124227911"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Hendler, Danny","raw_affiliation_strings":["Department of Computer Science, Ben-Gurion University, Beer-Sheva, Israel"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, Ben-Gurion University, Beer-Sheva, Israel","institution_ids":["https://openalex.org/I124227911"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5017997916"],"corresponding_institution_ids":["https://openalex.org/I124227911"],"apc_list":null,"apc_paid":null,"fwci":0.1542,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.43611185,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":95},"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9968000054359436,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8907734155654907},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.7855652570724487},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.718634307384491},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.6892351508140564},{"id":"https://openalex.org/keywords/activity-detection","display_name":"Activity detection","score":0.4501754939556122},{"id":"https://openalex.org/keywords/simplicity","display_name":"Simplicity","score":0.43772774934768677},{"id":"https://openalex.org/keywords/embedded-system","display_name":"Embedded system","score":0.3790609538555145},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3547709584236145},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.3426544666290283},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.23153188824653625}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8907734155654907},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.7855652570724487},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.718634307384491},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.6892351508140564},{"id":"https://openalex.org/C2988656282","wikidata":"https://www.wikidata.org/wiki/Q4677630","display_name":"Activity detection","level":2,"score":0.4501754939556122},{"id":"https://openalex.org/C2776372474","wikidata":"https://www.wikidata.org/wiki/Q508291","display_name":"Simplicity","level":2,"score":0.43772774934768677},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.3790609538555145},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3547709584236145},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.3426544666290283},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.23153188824653625},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C111472728","wikidata":"https://www.wikidata.org/wiki/Q9471","display_name":"Epistemology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"pmh:oai:arXiv.org:2103.16029","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2103.16029","pdf_url":"https://arxiv.org/pdf/2103.16029","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2103.16029","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2103.16029","pdf_url":"https://arxiv.org/pdf/2103.16029","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/15","score":0.5299999713897705,"display_name":"Life in Land"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":27,"referenced_works":["https://openalex.org/W2576498804","https://openalex.org/W2610857953","https://openalex.org/W2738219410","https://openalex.org/W2766618299","https://openalex.org/W2766645114","https://openalex.org/W2783707758","https://openalex.org/W2784097977","https://openalex.org/W2794748563","https://openalex.org/W2888498482","https://openalex.org/W2894236118","https://openalex.org/W2895892359","https://openalex.org/W2898929207","https://openalex.org/W2915893383","https://openalex.org/W2921118464","https://openalex.org/W2922344003","https://openalex.org/W2950754826","https://openalex.org/W2966341190","https://openalex.org/W2972552958","https://openalex.org/W2982355322","https://openalex.org/W2997139308","https://openalex.org/W2998074434","https://openalex.org/W3013517283","https://openalex.org/W3013896538","https://openalex.org/W3042229692","https://openalex.org/W3085538638","https://openalex.org/W3144668674","https://openalex.org/W4254029842"],"related_works":["https://openalex.org/W2368019753","https://openalex.org/W2333930193","https://openalex.org/W2737356002","https://openalex.org/W2246241526","https://openalex.org/W4301122218","https://openalex.org/W2374150061","https://openalex.org/W2081340182","https://openalex.org/W2369703001","https://openalex.org/W2372323577","https://openalex.org/W2321432690"],"abstract_inverted_index":{"In":[0],"recent":[1],"years":[2],"malware":[3,22,33,56,132,151],"has":[4],"become":[5],"increasingly":[6],"sophisticated":[7,150],"and":[8,50,58,112,136],"difficult":[9],"to":[10,13,21,31,36,61,77,97,154,166],"detect":[11,98],"prior":[12,35,76],"exploitation.":[14,37],"While":[15],"there":[16],"are":[17,92],"plenty":[18],"of":[19,53,104],"approaches":[20],"detection,":[23],"they":[24],"all":[25],"have":[26],"shortcomings":[27],"when":[28],"it":[29],"comes":[30],"identifying":[32],"correctly":[34],"The":[38],"trade-off":[39],"is":[40],"usually":[41],"between":[42],"false":[43,113],"positives,":[44],"causing":[45],"overhead,":[46],"preventing":[47],"normal":[48],"usage":[49],"the":[51,55,62,102],"risk":[52],"letting":[54],"execute":[57],"cause":[59],"damage":[60],"target.":[63],"We":[64,120],"present":[65],"a":[66],"novel":[67],"end-to-end":[68],"solution":[69,108,123,162],"for":[70,124],"in-memory":[71],"malicious":[72,99],"activity":[73,100],"detection":[74],"done":[75],"exploitation":[78],"by":[79],"leveraging":[80],"machine":[81,134],"learning":[82],"capabilities":[83],"based":[84],"on":[85],"data":[86],"from":[87,131],"unique":[88],"run-time":[89],"logs,":[90],"which":[91],"carefully":[93],"curated":[94],"in":[95,101],"order":[96],"memory":[103],"protected":[105],"processes.":[106],"This":[107],"achieves":[109],"reduced":[110],"overhead":[111],"positives":[114],"as":[115,117],"well":[116],"deployment":[118],"simplicity.":[119],"implemented":[121],"our":[122,161],"Windows-based":[125],"systems,":[126],"employing":[127],"multi":[128],"disciplinary":[129],"knowledge":[130],"research,":[133],"learning,":[135],"operating":[137],"system":[138],"internals.":[139],"Our":[140],"experimental":[141],"evaluation":[142],"yielded":[143],"promising":[144],"results.":[145],"As":[146],"we":[147,157],"expect":[148],"future":[149],"may":[152],"try":[153],"bypass":[155],"it,":[156],"also":[158],"discuss":[159],"how":[160],"can":[163],"be":[164],"extended":[165],"thwart":[167],"such":[168],"bypassing":[169],"attempts.":[170]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2021,"cited_by_count":1}],"updated_date":"2026-04-28T14:05:53.105641","created_date":"2021-08-02T00:00:00"}